VegasKiller Posted January 16, 2011 Posted January 16, 2011 Hello I am trying to protect my login sequence from sql injections but am getting an error. I have changed this: if ($_POST['username'] == "" || $_POST['password'] == "") { To This: if mysql_real_escape_string($_POST['username'] == "")) || mysql_real_escape_string($_POST['password'] == "")) { and m getting this error: Parse error: syntax error, unexpected T_STRING, expecting '(' in /verify.php on line 3 Can someone please help me with this, Line 3 is the long line. Quote
Jordan Palmer Posted January 16, 2011 Posted January 16, 2011 $_POST['username'] = mysql_real_escape_string($_POST['username']); Then do the IF.. Quote
corruptcity || skalman Posted January 16, 2011 Posted January 16, 2011 you have 2 close brackets and none open brackets for the $_POST['username'] aswell Quote
rulerofzu Posted January 16, 2011 Posted January 16, 2011 mc2? $db->escape Personally I like to name it so $var=$db->escape($_POST.... if your on a webhost with PHP5 then you can use filter_input and filter_var. Quote
Dominion Posted January 16, 2011 Posted January 16, 2011 You don't use mres twice... I suggest a quick google of how to secure against sql injections. Quote
Paul Evans Posted January 16, 2011 Posted January 16, 2011 $_POST['username'] = mysql_real_escape_string($_POST['username']); $_POST['password'] = mysql_real_escape_string($_POST['password']); if mysql_real_escape_string($_POST['username'] == "") || mysql_real_escape_string($_POST['password'] == "") { wow maybe: $_POST['username'] = mysql_real_escape_string($_POST['username']); $_POST['password'] = mysql_real_escape_string($_POST['password']); if ( $_POST['username'] == "" || $_POST['password'] == "" ) { Quote
Djkanna Posted January 16, 2011 Posted January 16, 2011 You wouldn't have this problem if you actually paid the fella you owe $500+ too, he wouldn't be exploiting your game. Quote
Blade Maker Posted January 16, 2011 Posted January 16, 2011 He owes me $520 and scammed me, now will not even reply, so now he wants his login secure lol. I already messaged him how but guess he is just a noob, really though we would have made a great game if he never scammed me. Vegas I still want that money, please give it to me, I atleast want $100 at the least. Quote
Dominion Posted January 16, 2011 Posted January 16, 2011 http://makewebgames.io/board873-collaboration-experiences/ With appropriate documentation. There is really no way you can keep posting that without some way of proving it. Quote
Yakura Posted January 16, 2011 Posted January 16, 2011 $_POST['username'] = mysql_real_escape_string($_POST['username']); $_POST['password'] = mysql_real_escape_string($_POST['password']); if ($_POST['username'] == "" || $_POST['password'] == "" ){ Then you tell them to fill out both forms then you check if it matches what is in the database. You should really know this. Quote
Djkanna Posted January 17, 2011 Posted January 17, 2011 if (trim ($_POST['var']) == '' ) { //continue to process. } Quote
Paul Evans Posted January 17, 2011 Posted January 17, 2011 I really don't get how he could owe someone 520 bucks... what did you do for it lol Quote
Paul Evans Posted January 17, 2011 Posted January 17, 2011 Jordan: The Big RipOFFF eat me :) (I know i put 3 f's so blah!) Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.